Analysis Overview
SHA256
03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761
Threat Level: Known bad
The file 03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761 was found to be: Known bad.
Malicious Activity Summary
Locky
suricata: ET MALWARE Ransomware Locky CnC Beacon
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-07-13 15:03
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2022-07-13 15:03
Reported
2022-07-13 15:06
Platform
win10v2004-20220414-en
Max time kernel
155s
Max time network
158s
Command Line
Signatures
Locky
suricata: ET MALWARE Ransomware Locky CnC Beacon
Processes
C:\Users\Admin\AppData\Local\Temp\03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761.exe
"C:\Users\Admin\AppData\Local\Temp\03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| RU | 31.41.47.37:80 | 31.41.47.37 | tcp |
| FR | 188.138.88.184:80 | | tcp |
| FR | 85.25.138.187:80 | | tcp |
| NL | 104.97.14.81:80 | | tcp |
| IE | 20.54.110.249:443 | | tcp |
| US | 8.8.8.8:53 | nydbob.nl | udp |
| US | 8.8.8.8:53 | flfxp.ru | udp |
| US | 8.8.8.8:53 | sbckmllt.be | udp |
| US | 8.8.8.8:53 | kquosio.in | udp |
| US | 8.8.8.8:53 | xgrxbbwgdo.uk | udp |
| US | 8.8.8.8:53 | lvrrlykypsssv.eu | udp |
| NL | 104.97.14.80:80 | | tcp |
| NL | 104.97.14.80:80 | | tcp |
| FR | 188.138.88.184:80 | | tcp |
| US | 20.42.65.89:443 | | tcp |
| FR | 85.25.138.187:80 | | tcp |
| US | 8.8.8.8:53 | nydbob.nl | udp |
| US | 8.8.8.8:53 | flfxp.ru | udp |
| US | 8.8.8.8:53 | sbckmllt.be | udp |
| US | 8.8.8.8:53 | kquosio.in | udp |
| US | 8.8.8.8:53 | xgrxbbwgdo.uk | udp |
| US | 8.8.8.8:53 | lvrrlykypsssv.eu | udp |
| FR | 188.138.88.184:80 | | tcp |
| FR | 85.25.138.187:80 | | tcp |
Files
memory/3416-130-0x0000000000860000-0x000000000088E000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-13 15:03
Reported
2022-07-13 15:06
Platform
win7-20220414-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Locky
suricata: ET MALWARE Ransomware Locky CnC Beacon
Processes
C:\Users\Admin\AppData\Local\Temp\03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761.exe
"C:\Users\Admin\AppData\Local\Temp\03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| RU | 31.41.47.37:80 | 31.41.47.37 | tcp |
| FR | 188.138.88.184:80 | | tcp |
| FR | 85.25.138.187:80 | | tcp |
| US | 8.8.8.8:53 | nydbob.nl | udp |
| US | 8.8.8.8:53 | flfxp.ru | udp |
| US | 8.8.8.8:53 | sbckmllt.be | udp |
| US | 8.8.8.8:53 | kquosio.in | udp |
| US | 8.8.8.8:53 | xgrxbbwgdo.uk | udp |
| US | 8.8.8.8:53 | lvrrlykypsssv.eu | udp |
| RU | 31.41.47.37:80 | 31.41.47.37 | tcp |
| FR | 188.138.88.184:80 | | tcp |
| FR | 85.25.138.187:80 | | tcp |
Files
memory/1376-54-0x0000000075361000-0x0000000075363000-memory.dmp
memory/1376-55-0x0000000001390000-0x00000000013BE000-memory.dmp